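/**
 * Authorization: verifies login & password and sets the user session data.
 *
 * @param object      $db    database handler (by reference, as callers expect)
 * @param string|null $login
 * @param string|null $pwd
 * @return array{status: int, msg: string|null}  status is tl::OK on success, tl::ERROR otherwise;
 *         msg carries the "a session already exists" HTML notice when this browser
 *         session already holds a logged-in user.
 */
function doAuthorize(&$db, $login, $pwd)
{
    global $g_tlLogger;

    $result = array('status' => tl::ERROR, 'msg' => null);
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;

    if (is_null($pwd) || is_null($login)) {
        return $result;
    }

    $user = new tlUser();
    $user->login = $login;
    $login_exists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;

    // The password is only checked for an existing login; an unknown login, a wrong
    // password and an inactive account all end in the same audit event below, so the
    // outcome does not reveal which of the three it was.
    $authenticated = false;
    if ($login_exists) {
        $password_check = auth_does_password_match($user, $pwd);
        $authenticated = $password_check->status_ok && $user->isActive;
    }

    if (!$authenticated) {
        // Unknown logins are now audited as well (same as doSSOClientCertificate);
        // for an unknown login $user->dbID is whatever readFromDB() left there, not a real id.
        logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
        return $result;
    }

    // 20051007 MHT Solved 0000024 Session confusion
    // Disallow two sessions within one browser
    if (isset($_SESSION['currentUser']) && !is_null($_SESSION['currentUser'])) {
        $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
        return $result;
    }

    // Privilege level changes here: rotate the session id so an id handed out before
    // authentication cannot be reused afterwards (session fixation). Session data is kept.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Setting user's session information
    $_SESSION['currentUser'] = $user;
    $_SESSION['lastActivity'] = time();
    $g_tlLogger->endTransaction();
    $g_tlLogger->startTransaction();
    setUserSession($db, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);
    $result['status'] = tl::OK;

    return $result;
}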
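/**
 * Handles a login form submission: looks the user up by username or e-mail,
 * verifies the submitted password and, on success, establishes the session.
 * Always ends by delegating to routeOnSuccessfulLoginOrReturnError().
 *
 * @return void
 */
function attemptLogin()
{
    // A missing form field used to raise an "undefined index" notice; an absent
    // field is treated as an empty credential, which lookup/validation rejects.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    $user = getUserByUsernameOrEmail($username);

    // The not-found sentinel of getUserByUsernameOrEmail() is not visible here; both
    // null and false count as "no such user", so the password is never checked
    // against a missing account.
    $login_ok = $user !== null && $user !== false && isValidLogin($user, $password);

    if ($login_ok) {
        setUserSession($user);
    }
    routeOnSuccessfulLoginOrReturnError($login_ok);
}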
$gui->update_title_bar = 1; break; case 'changePassword': $op = changePassword($args, $user); $doUpdate = $op->status >= tl::OK; break; case 'genAPIKey': $op = generateAPIKey($args, $user); break; } if ($doUpdate) { $op->status = $user->writeToDB($db); if ($op->status >= tl::OK) { logAuditEvent(TLS($op->auditMsg, $user->login), "SAVE", $user->dbID, "users"); $_SESSION['currentUser'] = $user; setUserSession($db, $user->login, $args->userID, $user->globalRoleID, $user->emailAddress, $user->locale); } } $gui->loginHistory = new stdClass(); $gui->loginHistory->failed = $g_tlLogger->getAuditEventsFor($args->userID, "users", "LOGIN_FAILED", 10); $gui->loginHistory->ok = $g_tlLogger->getAuditEventsFor($args->userID, "users", "LOGIN", 10); if ($op->status != tl::OK) { $op->user_feedback = getUserErrorMessage($op->status); } $user->readFromDB($db); // set a string if not generated key yet if (null == $user->userApiKey) { $user->userApiKey = TLS('none'); } $gui->user_feedback = $op->user_feedback; $smarty = new TLSmarty();
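/**
 * SSO via an SSL client certificate. The password cannot be checked, so login succeeds when
 *   1. the request carries a client certificate that mod_ssl verified
 *   2. the login read from the certificate field named by $authCfg['SSO_uid_field'] exists and is active
 *
 * @param object     $dbHandler           database handler (by reference, as callers expect)
 * @param array      $apache_mod_ssl_env  mod_ssl environment (typically $_SERVER)
 * @param array|null $authCfg             authentication config; config_get('authentication') when null
 * @return array{status: int, msg: string|null}  status tl::OK on success, tl::ERROR otherwise;
 *         msg carries the "a session already exists" HTML notice when this browser
 *         session already holds a logged-in user.
 */
function doSSOClientCertificate(&$dbHandler, $apache_mod_ssl_env, $authCfg = null)
{
    global $g_tlLogger;
    $result = array('status' => tl::ERROR, 'msg' => null);

    if (!isset($apache_mod_ssl_env['SSL_PROTOCOL'])) {
        return $result;
    }
    // SSL_PROTOCOL only proves the connection is TLS. The identity field read below is
    // trustworthy only when mod_ssl verified the client certificate against the CA
    // (SSL_CLIENT_VERIFY = SUCCESS); NONE, GENEROUS and FAILED:* mean an absent or unverified DN.
    if (!isset($apache_mod_ssl_env['SSL_CLIENT_VERIFY']) || $apache_mod_ssl_env['SSL_CLIENT_VERIFY'] !== 'SUCCESS') {
        return $result;
    }

    // With this we trust SSL is enabled => go ahead with login control
    $authCfg = is_null($authCfg) ? config_get('authentication') : $authCfg;
    $uidField = $authCfg['SSO_uid_field'];
    $login = isset($apache_mod_ssl_env[$uidField]) ? $apache_mod_ssl_env[$uidField] : null;
    if (is_null($login)) {
        return $result;
    }

    $user = new tlUser();
    $user->login = $login;
    $login_exists = $user->readFromDB($dbHandler, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;

    if (!$login_exists || !$user->isActive) {
        // for an unknown login $user->dbID is whatever readFromDB() left there, not a real id
        logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
        return $result;
    }

    // Need to do set COOKIE following Mantis model.
    // expire 0 = until the browser closes; the connection is TLS (checked above) so the
    // cookie is marked Secure, and HttpOnly keeps it out of reach of page scripts.
    $auth_cookie_name = config_get('auth_cookie');
    setcookie($auth_cookie_name, $user->getSecurityCookie(), 0, '/', '', true, true);

    // Disallow two sessions within one browser
    if (isset($_SESSION['currentUser']) && !is_null($_SESSION['currentUser'])) {
        $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
        return $result;
    }

    // Privilege level changes here: rotate the session id so an id handed out before
    // authentication cannot be reused afterwards (session fixation). Session data is kept.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Setting user's session information
    $_SESSION['currentUser'] = $user;
    $_SESSION['lastActivity'] = time();
    $g_tlLogger->endTransaction();
    $g_tlLogger->startTransaction();
    setUserSession($dbHandler, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);
    $result['status'] = tl::OK;

    return $result;
}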
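/**
 * Updates an existing user from the submitted arguments and, when the edited user
 * is the session user, refreshes the session copy (logging out at once if the
 * user just deactivated their own account).
 *
 * @param object     $dbHandler      database handler (by reference, as callers expect)
 * @param object     $argsObj        request arguments; reads user_id and user_is_active
 * @param int|string $sessionUserID  id of the logged-in user
 * @return stdClass  with status (int, tl::OK on success), user (tlUser) and user_feedback (string)
 */
function doUpdate(&$dbHandler, &$argsObj, $sessionUserID)
{
    $op = new stdClass();
    $op->user_feedback = '';
    $op->user = new tlUser($argsObj->user_id);
    $op->status = $op->user->readFromDB($dbHandler);

    if ($op->status >= tl::OK) {
        initializeUserProperties($op->user, $argsObj);
        $op->status = $op->user->writeToDB($dbHandler);

        if ($op->status >= tl::OK) {
            logAuditEvent(TLS("audit_user_saved", $op->user->login), "SAVE", $op->user->dbID, "users");

            // ids may arrive as int (session) and numeric string (request):
            // compare them numerically instead of with a loose ==
            if ((int) $sessionUserID === (int) $argsObj->user_id) {
                $_SESSION['currentUser'] = $op->user;
                setUserSession($dbHandler, $op->user->login, $argsObj->user_id, $op->user->globalRoleID, $op->user->emailAddress, $op->user->locale);
                if (!$argsObj->user_is_active) {
                    // the session user deactivated their own account: end the session now
                    header("Location: ../../logout.php");
                    exit;
                }
            }
        }
    }

    // A failed readFromDB() used to leave user_feedback empty; every status is translated now.
    $op->user_feedback = getUserErrorMessage($op->status);
    return $op;
}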
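if (!$sameUsername && !$sameEmail) {
    # Determine what the new account's initial rank should be. This equals
    # the lowest rank in the ladder plus 1.
    # NOTE(review): two concurrent registrations can read the same MAX(rank); a unique
    # constraint on rank or a transaction would close that window.
    $registerSuccess = false;
    $getRanks = mysqli_query($connection, "SELECT MAX(rank) FROM player");
    if ($getRanks !== false) {
        $maxRank = mysqli_fetch_array($getRanks);
        # MAX() over an empty table yields NULL, which becomes rank 1.
        $newRank = (int) ($maxRank ? $maxRank[0] : 0) + 1;

        # Insert the new user through a prepared statement so the form values
        # (name, email, phone, username) are bound as data and never spliced into
        # the SQL text. Execution returns a boolean telling whether the account
        # was registered.
        $insert = mysqli_prepare($connection, "INSERT INTO player (name, email, phone, rank, username, password)\n VALUES (?, ?, ?, ?, ?, ?)");
        if ($insert !== false) {
            mysqli_stmt_bind_param($insert, 'sssiss', $playerName, $email, $phone, $newRank, $username, $hashedPassword);
            $registerSuccess = mysqli_stmt_execute($insert);
            mysqli_stmt_close($insert);
        }
    }

    # If the account registration has been successful, log the user into their
    # new user account.
    if ($registerSuccess) {
        # Set the user sessions. NOTE(review): the password hash is handed to the
        # session helper; whether it needs to be there at all depends on setUserSession().
        setUserSession($username, $hashedPassword);
    }
} else {
    $registerSuccess = false;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Wrath of Titans - Register</title>
<!-- CSS Inclusion -->
<link href="../../styles/reset.css" rel="stylesheet" type="text/css" />
<link href="../../styles/main.css" rel="stylesheet" type="text/css" />
<!-- /End CSS Inclusion -->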